Opera: Multiple vulnerabilities
— GLSA 200710-31

Opera contains multiple vulnerabilities, which may allow the execution of
arbitrary code.

Affected Packages

Package

www-client/opera on all architectures

Affected versions

< 9.24

Unaffected versions

>= 9.24

Background

Opera is a multi-platform web browser.

Description

Michael A. Puls II discovered an unspecified flaw when launching
external email or newsgroup clients (CVE-2007-5541). David Bloom
discovered that when displaying frames from different websites, the
same-origin policy is not correctly enforced (CVE-2007-5540).

Impact

An attacker could potentially exploit the first vulnerability to
execute arbitrary code with the privileges of the user running Opera by
enticing a user to visit a specially crafted URL. Note that this
vulnerability requires an external e-mail or newsgroup client
configured in Opera to be exploitable. The second vulnerability allows
an attacker to execute arbitrary script code in a user's browser
session in context of other sites or the theft of browser credentials.

Workaround

There is no known workaround at this time for all these
vulnerabilities.